Cryptographic systems rely on encryption keys. To maintain a high level of security, an encryption key needs to be updated on a periodic basis. Updating cryptographic keys is most effectively accomplished by communicating cryptographic keys to two different users in a manner that ensures that the keys are not compromised. Once the cryptographic keys are received by the two users, those users can communicate with each other securely, relying on the fact that the keys provided to each user are a complementary set and are known only to the two users participating in a secure communications session.
It is ordinarily appreciated that information is often encrypted before it is transmitted to a remote user. Military systems are just one example of the many types of applications where data (i.e. information) needs to be encrypted before it is conveyed to a remote user. Because the success of a mission can pivot on the security of communications used to control the application of resources in a battle theatre, the persistent use of a single encryption key may not provide the high level of security desired in these types of applications. For this reason, a cryptographic key is often used only for a short time, for example for a day or two or perhaps for just a few hours.
The dilemma in these types of applications is that it is difficult or even impossible to provide replacement cryptographic keys to users that are deployed in a field of operation. Many techniques have been postulated to provide enhanced security in these types of applications. For example, one known method relies on seeding a plurality of encryption keys in each of a first and second user's communications system. For example, two different radio sets can be seeded with 10 different complementary key sets. Then, whenever the theatre of operation so dictates, a different complementary key set is selected (e.g. a new key set is selected once per day). This method still requires that new key sets be provided to the actual hardware radio in a secure manner. One such secure manner seeds a cryptographic key into a radio by means of a data transfer device (DTD), which is a trusted hardware apparatus that conveys key sets to a user apparatus using a physical interface.
It can immediately be appreciated that this method, in order to be effective, requires extensive logistical planning and support. Even more important, such prior art methods can quickly be overwhelmed in situations where immediate battle readiness is required and where there simply is not enough time to physically replenish cryptographic keys to all of the resources that may need new encryption and decryption keys.